Chipolo · Chipolo One Bluetooth Tracker · CVE-2022-37193
**Name of the Vulnerable Software and Affected Versions**
Chipolo ONE Bluetooth tracker (2020) version 4.13.0
Chipolo iOS app version 4.13.0
**Description**
The issue concerns Incorrect Access Control, allowing access revocation evasion attacks. Once a malicious sharee obtains access credentials, Chipolo devices can be affected.
**Recommendations**
For Chipolo ONE Bluetooth tracker (2020) version 4.13.0, update the Chipolo iOS app to a version that addresses the access control issue.
For Chipolo iOS app version 4.13.0, consider restricting access to sensitive features until a patch is available.